WO2006039616A1 - System and method for user certificate initiation, distribution, and provisioning in converged wlan-wwan interworking networks - Google Patents
System and method for user certificate initiation, distribution, and provisioning in converged wlan-wwan interworking networks Download PDFInfo
- Publication number
- WO2006039616A1 WO2006039616A1 PCT/US2005/035412 US2005035412W WO2006039616A1 WO 2006039616 A1 WO2006039616 A1 WO 2006039616A1 US 2005035412 W US2005035412 W US 2005035412W WO 2006039616 A1 WO2006039616 A1 WO 2006039616A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computing device
- user certificate
- key
- pair
- secure
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 230000000977 initiatory effect Effects 0.000 title claims abstract description 10
- 230000001413 cellular effect Effects 0.000 claims abstract description 30
- 238000012795 verification Methods 0.000 claims abstract description 8
- 230000010267 cellular communication Effects 0.000 claims description 2
- 238000009434 installation Methods 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- 230000015654 memory Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000005291 magnetic effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- Embodiments of the present invention are generally related to the field of
- WLAN-WWAN wireless local area network-wireless wide area network
- embodiments of the present invention are related to the initiation, distribution, and provisioning of user certificates in converged WLAN-WWAN interworking.
- WWAN networks may be used for cellular communications, such as, but not limited to, cellular phones and personal digital assistants (PDAs).
- Example WWAN networks include, but are not limited to, mobile networks such as Global System for Mobile Communications (GSM), Third Generation (3G) of Mobile Communications Technology, and Code Division Multiple Access (CDMA).
- WLAN networks may be used on computers, such as, but not limited to, laptops, notebooks, workstations, etc.
- Example WLAN networks include, but are not limited to, 802.11, 802.16, etc.
- wireless local links such as, for example, Bluetooth and
- IrDA Infrared Data Association
- PCs personal computers
- Wireless, and Verizon Wireless which have historically provided cellular type services via WWAN networks, are now beginning to offer WLAN type services as well.
- WWAN-WLAN services By offering both WWAN and WLAN services, these operators are striving to achieve what is called converged network operations, where WWAN-WLAN services are converged.
- subscribers may want to use the same authentication data or same credentials for all services offered (e.g., WWAN and WLAN services).
- WWAN specific e.g., GSM 03.48, WPKI (Wireless Application Protocol Public Key Infrastructure)
- WLAN specific e.g., PKI (Public Key Infrastructure)
- FIG. 1 is a diagram illustrating an exemplary system for providing user certificate initiation, distribution, and provisioning in a converged WWAN-WLAN interworking network according to an embodiment of the present invention.
- FIG. 2 is an action flow diagram illustrating an exemplary method for providing user certificate initiation, distribution, and provisioning in a converged WWAN- WLAN interworking network according to an embodiment of the present invention.
- Embodiments of the present invention are directed to a system and method for providing user certificate initiation, distribution, and provisioning in a converged WWAN-WLAN interworking network. This is accomplished by transferring a public key generated on a personal computing device to a mobile device, and then having the mobile device send the public key to a cellular network operator infrastructure for certification.
- a certificate incorporating the public key is then distributed to the mobile device and the personal computing device to enable a subscriber to be authenticated when using the WWAN-WLAN services on the converged network via the mobile device or the personal computing device.
- Applications may also use the certificate and key pair for digital signature, verification, and encryption purposes.
- the certificate may also enable mutual authentication.
- SIM Subscriber-Identity-Module
- USIM Universal Mobile Telephone System
- RUIM Removable User Identity Module
- Support of non- cellular devices, such as laptops, notebooks, and other computing devices is essential for WLAN access where the computing device is a more convenient platform than a cellular device (e.g., more memory, larger screen).
- embodiments of the present invention are described for use in a converged WWAN-WLAN interworking network, the invention is not limited to converged WWAN-WLAN interworking networks.
- One skilled in the relevant art(s) would know that embodiments of the invention may be equally applicable to other types of networks that may be converged today or in the future to form an interworking network.
- FIG. 1 is a diagram illustrating an exemplary system 100 for providing user certificate initiation, distribution, and provisioning in a converged WWAN-WLAN interworking network according to an embodiment of the present invention.
- System 100 comprises a WWAN network 102 and a WLAN network 104. Both WWAN network 102 and WLAN network 104 may be owned and operated by a single service provider, such as a telecommunications operator capable of providing WWAN services and WLAN services.
- WWAN network 102 comprises a mobile terminal 106 having WWAN access/support.
- WLAN network 104 comprises a personal computer 108 having WLAN access/support.
- Both WWAN network 102 and WLAN network 104 allow mobile terminal 106 and personal computer 108, respectively, access to the Internet 124, or other networks, such as, for example, corporate networks.
- mobile terminal 106 and personal computer 108 are operated by the same subscriber.
- embodiments of the present invention are described using one mobile terminal and one personal computer, one skilled in the relevant art(s) would know that a subscriber having multiple mobile terminals and/or multiple personal computers may have the user certificate distributed to each mobile terminal and/or personal computer to enable use of a single user certificate for each device used by the subscriber.
- Backend infrastructure 114 comprises, inter alia, a home location register (HLR) 116.
- HLR 116 comprises a main database of permanent subscriber information for both networks 102 and 104.
- HLR 116 contains pertinent user information, such as name, address, account status, peferences, etc.
- HLR 116 further comprises a base station controller (BSC) 118, a home subscriber server (HSS) 120, and a public key infrastructure (PKI) portal 122.
- BSC base station controller
- HSS home subscriber server
- PKI public key infrastructure
- BSC 118 provides control functions and physical links between a mobile services switching center (MSC) (not shown) and a base transceiver station (i.e., radio equipment) (also not shown).
- MSC mobile services switching center
- base transceiver station i.e., radio equipment
- HSS 120 stores new parameters in the subscriber profile related to the use of a bootstrapping function.
- Bootstrapping is a well known process used to securely manage information to and from remote wireless devices, such as, but not limited to, GSM 03.48.
- bootstrapping may be used to push information, such as, for example, the public key, to HSS 120 of backend infrastructure 1 14 for insertion into the certificate.
- Bootstrapping may also be used to distribute the certificate back to mobile terminal 106 and thereafter, personal computer 108.
- bootstrapping may also be used to distribute the user certificate to each mobile terminal, and thereafter, each personal computer.
- PKI portal 122 comprises a collection of certificates. All of the certificates generated by telecommunications operator 114 are stored in PKI portal 122.
- Personal computer 108 comprises, inter alia, a key-pair generator 110 and a secure storage unit 112. Personal computer 108 may be a laptop, a notebook, a workstation, or any other computing device capable of having WLAN support.
- Key pair generator 110 enables personal computer 108 to play a major role in the provisioning of the user certificate. Key-pair generator 110 provides a secure and reliable way to generate a key pair. The key-pair includes both a public key and a private key. The key-pair may be generated using hardware, software, or via a smart card.
- the key-pair may be generated using a trusted platform module (TPM) implemented on personal computer 108.
- TPM trusted platform module
- the TPM provides hardware- based protection for the encryption and digital signature keys that secure the confidentiality of user data.
- the TPM protects encryption keys and platform authentication information from software-based attacks by securing them in hardware.
- the key-pair may also be generated using software, such as, for example CAPI (Cryptographic Application Program Interface), manufactured by Microsoft Corporation.
- a smart card may also be used to generate the key-pair in a well-known manner.
- the public key portion of the key-pair is be used to generate the certificate in the converged network.
- Secure storage unit 112 provides a secure means for storing the private key of the key-pair! Secure storage unit 112 also stores the certificate that is generated by backend infrastructure 114.
- System 100 also provides a wired or wireless local link 126 between mobile terminal 104 and personal computer 108 for passing data between mobile terminal 104 and personal computer 108.
- Local link 126 may include wireless technologies such as, for example, Bluetooth, IrDA, or other types of wireless technologies that may be used to enable mobile terminals to communicate with personal computers.
- Local link 126 may also include wired technologies such as, for example, a Universal Serial Bus (USB) cable, a serial cable, an Ethernet cable, or any other cable that may be used to enable communications between a mobile terminal and a personal computer.
- USB Universal Serial Bus
- Embodiments of the present invention allow operators and service providers the ability to offer subscribers improved ease of use, unified billing, and use of existing network infratructures in a converged interworking network.
- mobile terminals and personal computers may have a unified network authentication method.
- mobile personal computers such as, for example, laptops and notebooks, may be provided with the ability to roam, which has traditionally only been used by wireless phones.
- FIG. 2 is an action flow diagram describing an exemplary method 200 for providing user certificate initiation, distribution, and provisioning in a converged WWAN-WLAN interworking network according to an embodiment of the present invention.
- the invention is not limited to the embodiment described herein with respect to action flow diagram 200. Rather, it will be apparent to persons skilled in the relevant art(s) after reading the teachings provided herein that other functional action flow diagrams are within the scope of the invention.
- the process is described from the perspective of personal computer 108, mobile terminal 106, and cellular network backend infrastructure 114 The process begins at 202, where a secure and reliable key pair is generated on personal computer 108.
- the key pair may be generated via hardware, software, or a smart card as indicated above.
- the private key portion of the key pair is stored in secure storage unit 112.
- a user i.e., subscriber
- an application may initiate the process of generating and distributing a user certificate.
- a public key from the key pair is transferred from computing device 108 to mobile terminal 106 over location limited channel 126.
- location limited channel 126 may be a wired or wireless location limited channel that enables mobile terminal 106 to communicate with computing device 108.
- mobile terminal 106 performs a bootstrapping procedure with the cellular operator by pushing the public key to backend infrastructure 114.
- the user must authorize the bootstrap operation.
- the bootstrap operation is authorized by requiring the user to enter a personal identification number (PIN) obtained from the cellular operator into mobile terminal 106.
- PIN personal identification number
- the bootstrapping procedure enables backend infrastructure 114 to generate a user certificate for the public key and distribute the user certificate to mobile terminal 106 in 210.
- the user certificate may be stored on mobile terminal 106 in 212.
- the user certificate may be installed on mobile terminal 106 via a SIM card.
- the storage of the user certificate on mobile terminal 106 enables WWAN authentication and access to services offered by WWAN network 102 (in 213).
- a certificate for the cellular operator may also be obtained and installed on the SIM card.
- the user certificate (and the cellular operator certificate, if obtained) is transferred to computing device 108 via wired or wireless channel 126.
- the user certificate may be distributed to the remaining mobile terminals 106 and computing devices 108 as well.
- the user certificate is installed on computing device 108.
- the user certificate may be installed by storing it in the trusted platform module (i.e., secure storage unit 112).
- the user certificate may be installed via a software-based store.
- the user certificate may be installed on the user's smart card.
- the user certificate may be stored on a SIM. If the cellular operator certificate is also obtained, it may also be installed on the computing device, smart card, or SIM.
- applications may use the certificate and key pair for digital signature, verification, and/or encryption purposes. In an embodiment where the cellular operator certificate was also obtained and installed, applications may also use it when verifying digital signatures.
- the cellular operator certificate will also enable mutual authentication, which is well known to those skilled in the relevant art(s).
- a user may use the certificate to sign documents, emails, etc., to verify emails and other types of documents, to encrypt emails and other types of documents, to perform e-commerce, etc.
- the secure and reliable key pair may also be used to secure WLAN operations.
- embodiments of the present invention have been described for generating and distributing a user certificate, the invention is not limited to a single user obtaining a single certificate. In embodiments of the invention, more than one user certificate may be generated and distributed to a single user as well. [0036] Certain aspects of embodiments of the present invention may be implemented using hardware, software, or a combination thereof and may be implemented in one or more computer systems or other processing systems.
- the methods may be implemented in programs executing on programmable machines such as mobile or stationary computers, personal digital assistants (PDAs), set top boxes, cellular telephones and pagers, and other electronic devices that each include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and one or more output devices.
- Program code is applied to the data entered using the input device to perform the functions described and to generate output information.
- the output information may be applied to one or more output devices.
- programmable machines such as mobile or stationary computers, personal digital assistants (PDAs), set top boxes, cellular telephones and pagers, and other electronic devices that each include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and one or more output devices.
- Program code is applied to the data entered using the input device to perform the functions described and to generate output information.
- the output information may be applied to one or more output
- Each program may be implemented in a high level procedural or object oriented programming language to communicate with a processing system.
- programs may be implemented in assembly or machine language, if desired. In any case, the language may be compiled or interpreted.
- Program instructions may be used to cause a general-purpose or special- purpose processing system that is programmed with the instructions to perform the methods described herein. Alternatively, the methods may be performed by specific hardware components that contain hardwired logic for performing the methods, or by any combination of programmed computer components and custom hardware components.
- the methods described herein may be provided as a computer program product that may include a machine readable medium having stored thereon instructions that may be used to program a processing system or other electronic device to perform the methods.
- the term "machine readable medium” or “machine accessible medium” used herein shall include any medium that is capable of storing or encoding a sequence of instructions for execution by the machine and that causes the machine to perform any one of the methods described herein.
- machine readable medium and “machine accessible medium” shall accordingly include, but not be limited to, solid-state memories, optical and magnetic disks, and a carrier wave that encodes a data signal. Furthermore, it is common in the art to speak of software, in one form or US2005/035412
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE112005002362.1T DE112005002362B4 (en) | 2004-10-01 | 2005-09-30 | System and method for user certificate creation, distribution and provision in converged WLAN-WWAN cooperating networks |
JP2007534842A JP4792037B2 (en) | 2004-10-01 | 2005-09-30 | System and method for user certificate initialization, distribution, and distribution in a centralized WLAN-WWAN interaction network |
GB0705907A GB2433003B (en) | 2004-10-01 | 2005-09-30 | System and method for user certificate initiation,distribution,and provisioning in converged WLAN-WWAN interworking networks |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/956,765 US9282455B2 (en) | 2004-10-01 | 2004-10-01 | System and method for user certificate initiation, distribution, and provisioning in converged WLAN-WWAN interworking networks |
US10/956,765 | 2004-10-01 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006039616A1 true WO2006039616A1 (en) | 2006-04-13 |
Family
ID=35636646
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2005/035412 WO2006039616A1 (en) | 2004-10-01 | 2005-09-30 | System and method for user certificate initiation, distribution, and provisioning in converged wlan-wwan interworking networks |
Country Status (7)
Country | Link |
---|---|
US (2) | US9282455B2 (en) |
JP (1) | JP4792037B2 (en) |
KR (1) | KR100922452B1 (en) |
CN (1) | CN100542344C (en) |
DE (1) | DE112005002362B4 (en) |
GB (1) | GB2433003B (en) |
WO (1) | WO2006039616A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009514434A (en) * | 2005-12-30 | 2009-04-02 | インテル・コーポレーション | Use of shared platform derivation based on trusted platform and enrollment based on WWAN infrastructure to establish secure local channel |
WO2013111251A1 (en) * | 2012-01-25 | 2013-08-01 | パナソニック株式会社 | Key management system, key management method, and communication device |
Families Citing this family (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8543814B2 (en) * | 2005-01-12 | 2013-09-24 | Rpx Corporation | Method and apparatus for using generic authentication architecture procedures in personal computers |
US8726023B2 (en) * | 2005-02-03 | 2014-05-13 | Nokia Corporation | Authentication using GAA functionality for unidirectional network connections |
US20070049232A1 (en) * | 2005-08-15 | 2007-03-01 | Research In Motion Limited | Joint Space-Time Optimum Filter (JSTOF) Using QR and Eigenvalue Decompositions |
KR100755536B1 (en) * | 2005-12-15 | 2007-09-06 | 주식회사 팬택앤큐리텔 | Prevention system for the IP allocation of a cloned mobile phone |
US8099082B2 (en) | 2005-12-16 | 2012-01-17 | Research In Motion Limited | System and method wireless messaging in a wireless communication system |
US8005459B2 (en) | 2005-12-16 | 2011-08-23 | Research In Motion Limited | System and method of authenticating login credentials in a wireless communication system |
US20070149171A1 (en) * | 2005-12-27 | 2007-06-28 | Hsin-Hsu Cho | Wireless mobile communication system |
US7885858B2 (en) * | 2006-01-24 | 2011-02-08 | Dell Products L.P. | System and method for managing information handling system wireless network provisioning |
US8527770B2 (en) | 2006-07-20 | 2013-09-03 | Research In Motion Limited | System and method for provisioning device certificates |
US8712474B2 (en) * | 2007-04-20 | 2014-04-29 | Telefonaktiebolaget L M Ericsson (Publ) | Secure soft SIM credential transfer |
FR2958821A1 (en) * | 2007-12-11 | 2011-10-14 | Mediscs | METHOD FOR AUTHENTICATING A USER |
DE602008003893D1 (en) * | 2008-02-29 | 2011-01-20 | Research In Motion Ltd | A method and apparatus for use in obtaining a digital certificate for a mobile communication device |
US10015158B2 (en) * | 2008-02-29 | 2018-07-03 | Blackberry Limited | Methods and apparatus for use in enabling a mobile communication device with a digital certificate |
US9479339B2 (en) * | 2008-02-29 | 2016-10-25 | Blackberry Limited | Methods and apparatus for use in obtaining a digital certificate for a mobile communication device |
ATE519316T1 (en) | 2008-02-29 | 2011-08-15 | Research In Motion Ltd | METHOD AND APPARATUS FOR USE IN ACTIVATEING A MOBILE COMMUNICATIONS DEVICE WITH A DIGITAL CERTIFICATE |
KR101236438B1 (en) * | 2008-11-04 | 2013-02-21 | 에스케이플래닛 주식회사 | System and Method for Providing Service to End Device in Converged Personal Network Service Environment, and Converged Personal Network Service Server, Mobile Communication Terminal and End Device |
KR101268838B1 (en) * | 2008-11-06 | 2013-05-29 | 에스케이플래닛 주식회사 | System and Method for Controlling End Device of Long Distance in Converged Personal Network Service Environment, and Converged Personal Network Service Server, Mobile Communication Terminal therefor |
US8386773B2 (en) * | 2008-12-09 | 2013-02-26 | Research In Motion Limited | Verification methods and apparatus for use in providing application services to mobile communication devices |
US20110161659A1 (en) * | 2009-12-28 | 2011-06-30 | Motorola, Inc. | Method to enable secure self-provisioning of subscriber units in a communication system |
CN102202291B (en) * | 2010-03-22 | 2014-09-10 | 中国移动通信集团公司 | Card-free terminal, service access method and system thereof, terminal with card and bootstrapping server function (BSF) |
US20120066750A1 (en) * | 2010-09-13 | 2012-03-15 | Mcdorman Douglas | User authentication and provisioning method and system |
US8924715B2 (en) * | 2010-10-28 | 2014-12-30 | Stephan V. Schell | Methods and apparatus for storage and execution of access control clients |
WO2012073340A1 (en) * | 2010-11-30 | 2012-06-07 | 富士通株式会社 | Key update method, node, gateway, server, and network system |
WO2012073339A1 (en) * | 2010-11-30 | 2012-06-07 | 富士通株式会社 | Key update method, node, gateway, server, and network system |
US8863256B1 (en) | 2011-01-14 | 2014-10-14 | Cisco Technology, Inc. | System and method for enabling secure transactions using flexible identity management in a vehicular environment |
KR101264299B1 (en) | 2011-01-20 | 2013-05-22 | 에스케이플래닛 주식회사 | System and Method for getting certification key for user certification in Converged Personal Network Service |
US8713314B2 (en) * | 2011-08-30 | 2014-04-29 | Comcast Cable Communications, Llc | Reoccuring keying system |
CN102364971A (en) * | 2011-10-09 | 2012-02-29 | 中兴通讯股份有限公司 | Network convergence method and system |
US9338159B2 (en) * | 2012-03-19 | 2016-05-10 | Nokia Technologies Oy | Method and apparatus for sharing wireless network subscription services |
US9655012B2 (en) * | 2012-12-21 | 2017-05-16 | Qualcomm Incorporated | Deriving a WLAN security context from a WWAN security context |
JP6357778B2 (en) * | 2013-06-26 | 2018-07-18 | 株式会社リコー | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND PROGRAM |
GB2529838B (en) | 2014-09-03 | 2021-06-30 | Advanced Risc Mach Ltd | Bootstrap Mechanism For Endpoint Devices |
GB2540989B (en) | 2015-08-03 | 2018-05-30 | Advanced Risc Mach Ltd | Server initiated remote device registration |
GB2540987B (en) | 2015-08-03 | 2020-05-13 | Advanced Risc Mach Ltd | Bootstrapping without transferring private key |
WO2018010958A2 (en) * | 2016-07-12 | 2018-01-18 | Deutsche Telekom Ag | Method for detecting and/or identifying data streams within a telecommunications network; system, telecommunications network, and content server entity for detecting and/or identifying data streams within a telecommunications network, program and computer program product |
WO2018010957A1 (en) * | 2016-07-12 | 2018-01-18 | Deutsche Telekom Ag | Method for providing an enhanced level of authentication related to a secure software client application provided by an application distribution entity in order to be transmitted to a client computing device; system, application distribution entity, software client application, and client computing device for providing an enhanced level of authentication related to a secure software client application, program and computer program product |
GB2579571B (en) | 2018-12-03 | 2021-05-12 | Advanced Risc Mach Ltd | Device bootstrapping |
GB2582735B (en) | 2019-02-01 | 2022-11-30 | Arm Ip Ltd | Template-based registration |
GB2582736B (en) | 2019-02-01 | 2022-02-16 | Arm Ip Ltd | Template-based registration |
US11475134B2 (en) | 2019-04-10 | 2022-10-18 | Arm Limited | Bootstrapping a device |
CN110599647A (en) * | 2019-09-05 | 2019-12-20 | 广东纬德信息科技有限公司 | Intelligent lock authentication method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020012433A1 (en) * | 2000-03-31 | 2002-01-31 | Nokia Corporation | Authentication in a packet data network |
WO2003084265A1 (en) * | 2002-03-26 | 2003-10-09 | Ericsson, Inc. | Method and apparatus for accessing a network using remote subscriber identity information |
WO2003091858A2 (en) * | 2002-04-26 | 2003-11-06 | Thomson Licensing S.A. | Certificate based authentication authorization accounting scheme for loose coupling interworking |
Family Cites Families (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5737419A (en) * | 1994-11-09 | 1998-04-07 | Bell Atlantic Network Services, Inc. | Computer system for securing communications using split private key asymmetric cryptography |
PL354839A1 (en) * | 1999-05-21 | 2004-02-23 | Ibm | Method and apparatus for initializing secure communications among, and for exclusively pairing wireless devices |
US6886095B1 (en) * | 1999-05-21 | 2005-04-26 | International Business Machines Corporation | Method and apparatus for efficiently initializing secure communications among wireless devices |
GB9922665D0 (en) | 1999-09-25 | 1999-11-24 | Hewlett Packard Co | A method of enforcing trusted functionality in a full function platform |
JP2001320356A (en) * | 2000-02-29 | 2001-11-16 | Sony Corp | Data communication system using public key system cypher, and data communication system constructing method |
JP4644900B2 (en) * | 2000-03-07 | 2011-03-09 | ソニー株式会社 | Service providing system, service providing method, service mediating apparatus, and program providing medium via communication means |
JP3973010B2 (en) * | 2000-04-21 | 2007-09-05 | 富士通株式会社 | Authentication apparatus and authentication method for multiple services |
JP2002056140A (en) | 2000-05-30 | 2002-02-20 | Nippon Telegr & Teleph Corp <Ntt> | Ticket and method and device for ticket distribution |
US7107248B1 (en) | 2000-09-11 | 2006-09-12 | Nokia Corporation | System and method of bootstrapping a temporary public-key infrastructure from a cellular telecommunication authentication and billing infrastructure |
NO313480B1 (en) * | 2001-01-24 | 2002-10-07 | Telenor Asa | Procedure for opening all or part of a smart card |
JP4766762B2 (en) | 2001-03-26 | 2011-09-07 | 三洋電機株式会社 | Data playback device |
CN100410927C (en) * | 2001-06-12 | 2008-08-13 | 捷讯研究有限公司 | Certificate management and transfer system and method |
US20030126085A1 (en) * | 2001-12-27 | 2003-07-03 | Slamdunk Networks, Inc. | Dynamic authentication of electronic messages using a reference to a certificate |
JP4186466B2 (en) | 2002-01-16 | 2008-11-26 | ソニー株式会社 | Content distribution system, content distribution method, information processing apparatus, and computer program |
US20030149874A1 (en) * | 2002-02-06 | 2003-08-07 | Xerox Corporation | Systems and methods for authenticating communications in a network medium |
EP1476980B1 (en) * | 2002-02-22 | 2017-09-13 | Nokia Technologies Oy | Requesting digital certificates |
WO2003071736A1 (en) * | 2002-02-22 | 2003-08-28 | Nokia Corporation | Method and apparatus for reducing the use of signalling plane in certificate provisioning procedures |
US7581095B2 (en) * | 2002-07-17 | 2009-08-25 | Harris Corporation | Mobile-ad-hoc network including node authentication features and related methods |
US20040030887A1 (en) * | 2002-08-07 | 2004-02-12 | Harrisville-Wolff Carol L. | System and method for providing secure communications between clients and service providers |
JP3905803B2 (en) * | 2002-08-08 | 2007-04-18 | 株式会社エヌ・ティ・ティ・ドコモ | Authentication system, authentication method, and terminal device in wireless communication |
JP2004078426A (en) * | 2002-08-13 | 2004-03-11 | Nippon Telegr & Teleph Corp <Ntt> | User identification method and system |
KR100819678B1 (en) * | 2002-09-28 | 2008-04-04 | 주식회사 케이티 | Authentification Method of Public Wireless LAN Service using CDMA authentification information |
JP4040424B2 (en) * | 2002-10-16 | 2008-01-30 | Kddi株式会社 | Software license management method, software license management system, and computer program |
US8005503B2 (en) * | 2002-12-18 | 2011-08-23 | Broadcom Corporation | Synchronization of multiple processors in a multi-mode wireless communication device |
KR20040063035A (en) * | 2003-01-04 | 2004-07-12 | 삼성전자주식회사 | The method robust authentication in public wlan networks using mobile networks |
KR100950662B1 (en) * | 2003-01-30 | 2010-04-08 | 삼성전자주식회사 | A method of certifying smart card for Identification Module using Network |
JP3964338B2 (en) | 2003-03-07 | 2007-08-22 | 株式会社エヌ・ティ・ティ・ドコモ | Communication network system, communication terminal, authentication device, authentication server, and electronic authentication method |
JP2004272792A (en) * | 2003-03-11 | 2004-09-30 | Toshiba Corp | Method for controlling network access, information providing device, and apparatus for issuing certificate |
US7505756B2 (en) * | 2003-10-15 | 2009-03-17 | Microsoft Corporation | Dynamic online subscription for wireless wide-area networks |
US7263608B2 (en) * | 2003-12-12 | 2007-08-28 | Lenovo (Singapore) Pte. Ltd. | System and method for providing endorsement certificate |
US20050138355A1 (en) * | 2003-12-19 | 2005-06-23 | Lidong Chen | System, method and devices for authentication in a wireless local area network (WLAN) |
WO2005107129A1 (en) * | 2004-04-30 | 2005-11-10 | Research In Motion Limited | System and method for obtaining certificate status of subkeys |
US20060046692A1 (en) * | 2004-08-26 | 2006-03-02 | Jelinek Lenka M | Techniques for establishing secure electronic communication between parties using wireless mobile devices |
US7640428B2 (en) * | 2004-09-02 | 2009-12-29 | Research In Motion Limited | System and method for searching and retrieving certificates |
US8611536B2 (en) * | 2004-09-08 | 2013-12-17 | Qualcomm Incorporated | Bootstrapping authentication using distinguished random challenges |
US20060059341A1 (en) * | 2004-09-14 | 2006-03-16 | Dharmadhikari Abhay A | Apparatus and method capable of network access |
US8032753B2 (en) * | 2006-11-23 | 2011-10-04 | Electronics And Telecommunications Research Institute | Server and system for transmitting certificate stored in fixed terminal to mobile terminal and method using the same |
-
2004
- 2004-10-01 US US10/956,765 patent/US9282455B2/en not_active Expired - Fee Related
-
2005
- 2005-09-30 DE DE112005002362.1T patent/DE112005002362B4/en not_active Expired - Fee Related
- 2005-09-30 GB GB0705907A patent/GB2433003B/en not_active Expired - Fee Related
- 2005-09-30 WO PCT/US2005/035412 patent/WO2006039616A1/en active Application Filing
- 2005-09-30 CN CNB2005800329569A patent/CN100542344C/en not_active Expired - Fee Related
- 2005-09-30 JP JP2007534842A patent/JP4792037B2/en not_active Expired - Fee Related
- 2005-09-30 KR KR1020077007274A patent/KR100922452B1/en not_active IP Right Cessation
-
2016
- 2016-03-07 US US15/062,886 patent/US9713008B2/en not_active Expired - Lifetime
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020012433A1 (en) * | 2000-03-31 | 2002-01-31 | Nokia Corporation | Authentication in a packet data network |
WO2003084265A1 (en) * | 2002-03-26 | 2003-10-09 | Ericsson, Inc. | Method and apparatus for accessing a network using remote subscriber identity information |
WO2003091858A2 (en) * | 2002-04-26 | 2003-11-06 | Thomson Licensing S.A. | Certificate based authentication authorization accounting scheme for loose coupling interworking |
Non-Patent Citations (1)
Title |
---|
"3rd Generation Partnership Project;Technical Specification Group Service and System Aspects; 3G Security; Wireless Local Area Network (WLAN) Interworking Security; (Release 6)", 3GPP TS 33.234 V0.4.0, March 2003 (2003-03-01), 3GPP TSGA SA WG3 Security-S3#28, pages 1 - 40, XP002296877 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009514434A (en) * | 2005-12-30 | 2009-04-02 | インテル・コーポレーション | Use of shared platform derivation based on trusted platform and enrollment based on WWAN infrastructure to establish secure local channel |
JP2011182433A (en) * | 2005-12-30 | 2011-09-15 | Intel Corp | Use of trusted-platform-based shared-secret derivation and wwan infrastructure-based enrollment, for establishing secure local channel |
JP4783433B2 (en) * | 2005-12-30 | 2011-09-28 | インテル・コーポレーション | Use of shared platform derivation based on trusted platform and enrollment based on WWAN infrastructure to establish secure local channel |
US8452012B2 (en) | 2005-12-30 | 2013-05-28 | Intel Corporation | Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel |
WO2013111251A1 (en) * | 2012-01-25 | 2013-08-01 | パナソニック株式会社 | Key management system, key management method, and communication device |
US9258283B2 (en) | 2012-01-25 | 2016-02-09 | Panasonic Intellectual Property Management Co., Ltd. | Key management system, key management method, and communication device |
Also Published As
Publication number | Publication date |
---|---|
US9713008B2 (en) | 2017-07-18 |
GB2433003A (en) | 2007-06-06 |
DE112005002362B4 (en) | 2017-11-16 |
KR100922452B1 (en) | 2009-10-21 |
KR20070046966A (en) | 2007-05-03 |
JP4792037B2 (en) | 2011-10-12 |
GB0705907D0 (en) | 2007-05-09 |
CN100542344C (en) | 2009-09-16 |
CN101032126A (en) | 2007-09-05 |
JP2008515357A (en) | 2008-05-08 |
US20060075242A1 (en) | 2006-04-06 |
GB2433003B (en) | 2009-01-14 |
US9282455B2 (en) | 2016-03-08 |
US20160192198A1 (en) | 2016-06-30 |
DE112005002362T5 (en) | 2007-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9713008B2 (en) | System and method for user certificate initiation, distribution and provisioning in converged WLAN-WWAN interworking networks | |
US9722775B2 (en) | Network services via trusted execution environment | |
US10015673B2 (en) | Cellular device authentication | |
US8027472B2 (en) | Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel | |
US9215593B2 (en) | Systems and methods for providing security to different functions | |
US9251315B2 (en) | Security key management based on service packaging | |
EP2210435B1 (en) | Method, apparatus and computer program product for providing key management for a mobile authentication architecture | |
CA2579272C (en) | Method and apparatus for pseudo-secret key generation to generate a response to a challenge received from service provider | |
KR101068424B1 (en) | Inter-working function for a communication system | |
US20080108321A1 (en) | Over-the-air (OTA) device provisioning in broadband wireless networks | |
EP2879421B1 (en) | Terminal identity verification and service authentication method, system, and terminal | |
EP2115997A1 (en) | Apparatus, method and computer program product providing enforcement of operator lock | |
CN104243145A (en) | Key generation in a communication system | |
US20190007835A1 (en) | Profile installation based on privilege level | |
KR20080093449A (en) | Gsm authentication in a cdma network | |
Ahmad et al. | SIM-based WLAN authentication for open platforms | |
CN110557745A (en) | System and method for managing locking of user equipment | |
Derenale et al. | An EAP-SIM based authentication mechanism to open access networks | |
CDMA2000 | Terms and Acronyms in Identity Management | |
Dharmadhikari et al. | SIM Based WLAN Authentication for Open Platforms. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2007534842 Country of ref document: JP |
|
ENP | Entry into the national phase |
Ref document number: 0705907 Country of ref document: GB Kind code of ref document: A Free format text: PCT FILING DATE = 20050930 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 0705907.4 Country of ref document: GB |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1120050023621 Country of ref document: DE Ref document number: 200580032956.9 Country of ref document: CN Ref document number: 1020077007274 Country of ref document: KR |
|
RET | De translation (de og part 6b) |
Ref document number: 112005002362 Country of ref document: DE Date of ref document: 20070830 Kind code of ref document: P |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 05802473 Country of ref document: EP Kind code of ref document: A1 |